Did you know your camera probably records its serial number in photos?

That’s news to me. Seems the bad privacy news just keeps falling out of the trees. Perhaps it is because I’ve been attentive to such issues lately.

My repeated point: We need to understand the technology so we can respond intelligently.

Today’s news from Bruce Schneier is on a web site that offers to help you find your stolen camera by telling them your serial number and they will look to find where on the ‘net photos from that camera have been posted. See his post Stolen Camera Finder.

Huh?

Seems your camera, whether digital camera or cell phone, embeds data in the picture about the settings on your phone (aperture, speed, exposure, flash, etc) along with manufacturer and model. This is the EXIF data. Seems the phone’s serial number is also embedded in the file.

I looked at pictures on my computer and can easily see the setting data – just right-click on the picture and choose properties. Using just Windows Explorer and Microsoft Office Picture Manager I can not see the serial number, but I am confident it is there.

Other than the entertaining option of seeing if your stolen phone has been used to post picture and thus try to track down the phone, what are the other implications?

How about security?

Security in your ministry. If someone finds a picture that is of serious concern to them (you know what I mean), they could scour the ‘net for other photos coming from that phone. Could backtrack from an unknown phone or location to known organization. There are organizations that probably don’t particularly want to reveal that much information. If you are in this category, you know it.

Personal security. See previous post on stalking and burglary/kidnapping risks. One commenter said:

most people don’t realize that posting pics online is a security risk – potential criminals see your house, layout of the rooms, security cams, potential loot like flatscreens, cars, expensive jewelry etc – and with new cameras they even have the GPS data to find you and your friends

In addition to the visible info, the embedded data can identify you and link photos together. Keep in mind some phones now include ‘geolocation’ information. That means exact tracking data, perhaps to include longitude and latitude.

If none of those issue I mentioned earlier are of concern, that’s fine. If some of those issues area a big deal in your life, you need to do more research and figure out how to deal with this.

If this type of security is an issue for you, consider that even stripping the EXIF file will completely anonomize your photo. Another commenter pointed out:

Digital photos are to an extent traceable even if all metadata is stripped. Research that was referenced on Bruce’s blog years ago, showed that each camera has a “fingerprint” that is imprinted on every photo, and is quite difficult to remove. [This fingerprint is the unique pattern of variation in sensitivity of imaging elements.]

While such analysis doesn’t reveal the camera’s serial number, it does allow determination as to whether different images came from the same camera. So if there is even one available image that is known to be from “person X”, any anonymously posted photo with the same fingerprint will have come from the same camera, and would suggest an association with the same person.